使用secret连接PV至RBD¶
获取admin用户keyring:
[root@renbin-new-1 ~]# ceph auth get-key client.admin |base64
QVFCRDhweGVYMFV6QmhBQWtWK1lUekdOU2ZTY3JiKzZGcDl3b3c9PQ==
创建kubernetes secret对象
cat ceph-secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: ceph-secret
data:
key: QVFCRDhweGVYMFV6QmhBQWtWK1lUekdOU2ZTY3JiKzZGcDl3b3c9PQ==
创建secret对象:
[root@renbin-new-1 volumes]# kubectl apply -f ceph-secret.yaml
secret/ceph-secret created
[root@renbin-new-1 volumes]# kubectl get secrets
NAME TYPE DATA AGE
ceph-secret kubernetes.io/rbd 1 5s
创建rbd image:
rbd create pv-test-image-300M -s 300M -p kubernetes
rbd feature disable kubernetes/pv-test-image-300M object-map fast-diff deep-flatten exclusive-lock
rbd info kubernetes/pv-test-image-300M
创建PV:
apiVersion: v1
kind: PersistentVolume
metadata:
name: pv-test
spec:
capacity:
storage: 300M
accessModes:
- ReadWriteOnce
rbd:
monitors:
- '10.181.103.48:6789'
- '10.181.103.36:6789'
- '10.181.103.44:6789'
pool: kubernetes
image: pv-test-image-300M
user: admin
secretRef:
name: ceph-secret
fsType: xfs
readOnly: false
persistentVolumeReclaimPolicy: Recycle
创建PVC:
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pv-test-claim
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 100M
创建Pod测试:
apiVersion: v1
kind: Pod
metadata:
name: ceph-busybox
spec:
containers:
- name: ceph-busybox
image: busybox
command: ["sleep", "600000"]
volumeMounts:
- name: rbd-test
mountPath: /usr/share/busybox
readOnly: false
volumes:
- name: rbd-test
persistentVolumeClaim:
claimName: pv-test-claim
查看结果:docker inspect ceph-busybox
"Mounts": [
{
"Type": "bind",
"Source": "/var/lib/kubelet/pods/6d762195-12ac-469b-938d-c96de19e24d5/volumes/kubernetes.io~rbd/pv-test",
"Destination": "/usr/share/busybox",
"Mode": "Z",
"RW": true,
"Propagation": "rprivate"
},